docker EACCES:在容器中运行nestjs时,权限被拒绝,mkdir '/usr/src/app/dist'

cyej8jka  于 12个月前  发布在  Docker
关注(0)|答案(2)|浏览(134)

我试图通过GitHub Actions在Google Cloud上的VM上的容器内运行NestJS应用程序。
在本地,一切都正常运行,但在VM上,我收到以下权限错误:

error TS5033: Could not write file '/usr/src/app/dist/users/enums/role.enum.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/enums/role.enum.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.module.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.module.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.module.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.service.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.service.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.

error TS5033: Could not write file '/usr/src/app/dist/users/users.service.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.

[6:19:10 PM] Found 154 errors. Watching for file changes.

字符串
我的Dockerfile:

###################
# BUILD FOR LOCAL DEVELOPMENT
###################

FROM node:18 As development

WORKDIR /usr/src/app

COPY --chown=node:node package*.json ./

RUN npm ci

COPY --chown=node:node . .

USER node

###################
# BUILD FOR PRODUCTION
###################

FROM node:18 As build

WORKDIR /usr/src/app

COPY --chown=node:node package*.json ./

COPY --chown=node:node --from=development /usr/src/app/node_modules ./node_modules

COPY --chown=node:node . .

RUN npm run build

ENV NODE_ENV production

RUN npm ci --only=production && npm cache clean --force

USER node

###################
# PRODUCTION
###################

FROM node:18 As production

COPY --chown=node:node --from=build /usr/src/app/node_modules ./node_modules
COPY --chown=node:node --from=build /usr/src/app/dist ./dist

CMD [ "node", "dist/main.js" ]


docker-compose:

services:
  api:
    restart: always
    build:
      dockerfile: Dockerfile
      context: .
      target: development
    env_file:
    - .env
    command: npm run start:dev
    ports:
      - 3000:3000
    depends_on:
      - postgres

  postgres:
    image: postgres
    restart: always
    ports:
      - "5435:5432"
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      
  pgadmin:
    image: dpage/pgadmin4
    restart: always
    container_name: pgadmin4
    environment:
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}
      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
    ports:
      - '5050:80'
    depends_on:
      - postgres
  
  redis:
    image: redis
    ports:
      - "6379:6379"
    restart: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    command: redis-server --requirepass ${REDIS_PASSWORD}


CI:

name: deployment

on:
  push:
    branches: [ "test" ]
  pull_request:
    branches: [ "test" ]

jobs:

  deploy:

    runs-on: self-hosted

    steps:
    - name: Clone repository 
      uses: actions/checkout@v4
      with:
        ref: ${{ github.event.pull_request.head.ref }}
    - run: echo "🖥️ The workflow is now ready to test your code on the runner."
    - name: List files in the repository
      run: |
        ls ${{ github.workspace }}
    - run: cp .env.example .env
    - run: npm install
    - name: deploy
      run: docker compose -f ci.docker-compose.yml up --detach --force-recreate


正如你所看到的,我只使用了Dockerfile中的开发部分。
我在Dockerfile和docker-compose中使用了不同的语句:chown,mkdir dist等,但没有成功。
编辑:
我重新构造了Dockerfile:

FROM node:18

WORKDIR /usr/src/app

COPY package*.json ./

RUN npm install

COPY . .

RUN npm run build

EXPOSE 3000

CMD ["npm", "run", "start:dev"]


Docker compose:

services:
  api:
    build:
      dockerfile: Dockerfile
      context: .
    restart: always
    ports:
      - '3000:3000'
    env_file:
      - .env
    depends_on:
      - postgres
    volumes:
      - .:/app/src

  postgres:
    image: postgres
    restart: always
    ports:
      - "5432:5432"
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      
  pgadmin:
    image: dpage/pgadmin4
    restart: always
    container_name: pgadmin4
    environment:
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}
      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
    ports:
      - '5050:80'
    depends_on:
      - postgres
  
  redis:
    image: redis
    ports:
      - "6379:6379"
    restart: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    command: redis-server --requirepass ${REDIS_PASSWORD}


我不知道以前的配置有什么问题,但这一个工作正常。

a8jjtwal

a8jjtwal1#

试试这个,我希望它工作.检查你的dist目录的所有者,如果它是root更改为非root用户$USER或删除你的目录,并重建它没有sudo权限.

wrrgggsh

wrrgggsh2#

我猜这是因为用户“node”没有权限mkdir“dist”和修改其中的文件。
如果我是你,我会连接到容器的文件系统并检查所有者。这是找到真实的原因的最可靠方法。

相关问题